of information and/or other resources; corruption or modification of information; theft,
removal or loss of information and/or other resources; disclosure of information and interruption
of services’. Another, clearer definition comes from RFC 2828, which defines a threat
as ‘A potential violation of security exists when there is a circumstance, capability, action, or
event that could breach security and cause harm’. In other words, a threat is a possible danger
that might exploit a vulnerability.
Threats can be classified as accidental or intentional and may be active or passive:
• Accidental vs. intentional threats – as their names imply, accidental threats exist with no
premeditated intent; for example, system malfunctions or software bugs. On the other hand,
intentional threats are planned actions for specific purposes.
• Passive vs. active threats – passive threats do not modify the information in or operations
of the victim systems; for example, wire tapping. Active threats, on the other hand, involve
modification of information in or operation of the victim systems; for example, changing
the firewall rules of a system to allow unauthorized access.
While a threat is a potential security problem that may lead to a security breach, it is not yet
an action. An attack, on the other hand, is an action to exploit a security breach. Attacks can
also be classified as insider or outsider attacks, and active or passive attacks:
• Insider vs. outsider attacks – insider attacks occur when legitimate users of a system behave
in unintended ways. Outsider attacks are initiated from outside the security perimeter by
illegitimate system users.
• Active vs. passive attacks – active attacks attempt to change system resources or affect their
operation. Examples of active attacks are masquerade, replay, modification of message and
denial of service. Passive attacks attempt to make use of information from the system without
changing system resources. Examples of passive attacks are message content disclosure
and traffic analysis.
Which X.800 security services address which X.800 attack types:
Service | Eavesdropping | Traffic analysis | Denial of Service | Masquerade | Modification | Replay
Peer entity authentication | - | - | - | Y | - | -
Data origin authentication | - | - | - | Y | - | -
Access control | - | - | - | Y | - | -
Data confidentiality | Y | - | - | - | - | -
Traffic flow confidentiality | - | Y | - | - | - | -
Data Integrity | - | - | - | - | Y | Y
Which X.800 security services use which mechanisms:
Service | Encoding | Dig. signature | Access control | Data integrity | Auth. exch. | Tr. padding | Routing control | Notarization
Peer entity auth. | Y | Y | - | - | Y | - | - | -
Data origin auth. | Y | Y | - | - | - | - | - | -
Access control | - | - | Y | - | - | - | - | -
Data confidentiality | Y | - | - | - | - | - | Y | -
Traffic flow confid. | Y | - | - | - | - | Y | Y | -
Data Integrity | Y | Y | - | Y | - | - | - | -
Non-repudiation | - | Y | - | Y | - | - | - | Y
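As an added illustration (not part of the original text), the sketch below shows a data integrity service rejecting two of the active attacks named above, modification of message and replay. It assumes a pre-shared key, HMAC-SHA256 as the integrity mechanism and a sequence number covered by the MAC; the class name `IntegrityChannel` and the sample messages are constructed for this example.

```python
import hashlib
import hmac
import os
import struct

class IntegrityChannel:
    """One endpoint of a channel protected by HMAC-SHA256 plus a sequence number."""

    def __init__(self, key: bytes):
        self.key = key
        self.send_seq = 0  # next sequence number this endpoint will send
        self.recv_seq = 0  # lowest sequence number this endpoint still accepts

    def _tag(self, seq: int, payload: bytes) -> bytes:
        # The MAC covers the sequence number and the payload, so neither can change unnoticed.
        return hmac.new(self.key, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()

    def protect(self, payload: bytes) -> bytes:
        seq, self.send_seq = self.send_seq, self.send_seq + 1
        return struct.pack(">Q", seq) + payload + self._tag(seq, payload)

    def accept(self, message: bytes) -> bytes:
        if len(message) < 8 + 32:
            raise ValueError("truncated message")
        seq = struct.unpack(">Q", message[:8])[0]
        payload, tag = message[8:-32], message[-32:]
        if not hmac.compare_digest(tag, self._tag(seq, payload)):
            raise ValueError("modification detected")
        if seq < self.recv_seq:  # a valid MAC on an old sequence number is a replay
            raise ValueError("replay detected")
        self.recv_seq = seq + 1  # gaps from lost messages are tolerated, going backwards is not
        return payload

def demo() -> dict:
    key = os.urandom(32)  # constructed shared key
    sender, receiver = IntegrityChannel(key), IntegrityChannel(key)
    first = sender.protect(b"transfer 10 to alice")  # constructed sample message
    results = {"genuine": receiver.accept(first)}
    tampered = bytearray(sender.protect(b"transfer 10 to bob"))
    tampered[-33] ^= 0x01  # flip one bit in the last payload byte
    for name, msg in (("modified", bytes(tampered)), ("replayed", first)):
        try:
            receiver.accept(msg)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    return results

if __name__ == "__main__":
    print(demo())
```

The MAC by itself only catches the modified message; the replayed message carries a valid MAC and is rejected only because the receiver tracks sequence numbers.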